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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address ~ 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)S Responsive to communication(s) filed on 17 January 2006 . 
2a)El This action is FINAL. . 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-25 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) E3 Claim(s) 1-3. 6. 9-15 and 19-25 is/are rejected. 

7) ^ Claim(s) 4,5,7,8 and 16-18 is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1 .121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) Q Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)Q Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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3) □ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 5) □ Notice of Informal Patent Application (PTO-152) 

Paper No(s)/Mail Date . 6) □ Other: . 
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Response to Arguments 

1. This communication is in response to applicants' response received on 01/17/2006. 

2. Claims 13, 24 and 25 are amended. 

3. Applicants on page 7, line 16 of the Remarks sate that "Applicants query whether 
the appropriate rejection is under Section 103." 



4. Applicants' arguments regarding the rejections under 35 U.S.C. 102(b) has been 
fully considered but they are not persuasive. 

5. Applicants on page 9, lines 6-7 of the Remarks argue that "Thus, Hadfield does 
not disclose or suggest authenticating a user to one or more groups using user 
information stored in a computer file associated with said user." 

Examiner respectfully disagrees and asserts that the Hadfield on page 81 , 
paragraphs 2-4 discloses that the user information is used to authenticate the user. The 
Hadfield also on page 81, paragraph 7 and on page 83, paragraph 3 discloses that the 
user information (ID and password) entered by user at the beginning of the log-on 
process is compared with the user information stored in the user account in a database. 
The user account is the computer file that is associated with the user. If the user 
information in a computer file or in a database is not associated with the user, how else 



The double patenting rejection is withdrawn. 
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the information belonged to a particular user could be retrieved for authentication 
purpose. 

6. Applicants, further, on page 8, argue that Hadfield stores user information in a 
central database. Independent claims of the application only recite that "user information 
stored in a computer file associated with said user" without referring to the location of the 
computer file. In response to applicants' argument that the references fail to show certain 
features of applicant's invention, it is noted that the features upon which applicant relies 
(i.e., location of the stored user information) are not recited in the rejected claim(s). 
Although the claims are interpreted in light of the specification, limitations from the 
specification are not read into the claims. See In re Van Geuns, 988 F.2d 1 181 , 26 
USPQ2d .1057 (Fed. Cir. 1993). 

8. Examiner, however, in light of the above submission maintains the previous 
rejections under 35 U.S.C. 102(b). 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 



Application/Control Number: 10/059,946 Page 4 

Art Unit: 2132 

Claims 1-3, 6, 9-15 and 19-25 are rejected under 35 U.S.C. 102(b) as being 
anticipated by "Windows NT Server 4 Security Handbook" by Lee Hadfield, Dave 
Hatter, Dave Bixler, 1997 (hereinafter Hadfield). 

Regarding claims 1,13 and 22-25, Hadfield discloses: 

computationally verifying an identity of said user (see, for example, page 80, 
paragraph 4; page 81, paragraphs 2 and 3; pages 168-169; pages 350-351; page 432, 
paragraph 5); and 

computationally verifying a membership of said user with said one or more 
groups (see, for example, page 80, paragraph 4 and 5; page 83, paragraphs 3 and 4 
pages 168-169; page 174, last paragraph), 

wherein said verifying computations are performed substantially simultaneously 
using user information stored in a computer file associated with said user (see, for 
example, page 81 , paragraphs 4-6, where a user's identity and its membership to any . 
group is authenticated with a single log-on process that is functionally equivalent to the 
recited verifying computations are performed substantially simultaneously). 

Regarding claims 2 and 14, Hadfield discloses: 

further comprising the step of registering said user with at least one of said one 
or more groups (see, for example, page 29; page 101; page 110; page 275, last 
paragraph; page 281, paragraph 4, where setting up and creating a user account and 
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user groups corresponds to the recited registering a user.. .with a group(s)). 
Regarding'claims 3 and 15, Hadfield discloses: 

wherein said registering step further comprises the step of said user and said at 
least one of said one or more groups exchanging a respective identifier (see, for 
example, page 29, paragraphs 3 and 4; page 102, paragraph 2; page 110; page 432, 
paragraph 5, where a password that correspond to the recited identifier is used to grant 
membership to a user a to a group). 

Regarding claim 6, Hadfield discloses: 

wherein said registering step further comprises the step of creating a registration 
identifier (see, for example, page 29; page 101; page 110; page 275, last paragraph; 
page 281 , paragraph 4, where during the process of creating a user account and user 
groups, user/group ID or password that correspond to the recited registration identifier is 
created and assigned to a particular user or group). 

Regarding claims 9 and 19, Hadfield discloses: 

wherein said verifying computations are performed in a single operation based 
on the El Gamal public key algorithm (see, for example, page 170, paragraphs 1-4, 
where RSA encryption algorithm is employed for authentication process which is 
functionally equivalent to El Gamal public key algorithm and it is a matter of 
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implementation). 

Regarding claims 10 and 20, Hadfield discloses: 

wherein said user information is stored on a smart card that provides tamper- 
resistant features (see, for example, page 81 , paragraphs 2 and 3). 

Regarding claims 11 and 21, Hadfield discloses: 

wherein said user information is stored in a memory of a computer (see, for 
example, page 33, paragraph 4; page 68, last paragraph; page 226, last 2 paragraphs; 
page 102, Fig. 4.1, where upon clicking Add button, the user information are saved on a 
disk or hard drive that represent a memory). 

Regarding claim 12, Hadfield discloses: 

wherein a user that satisfies said verifying computations is allowed to access a 
plurality of groups (see, for example, page 28, paragraph 2; page 29, paragraph 4; page 
81, paragraph 4; page 110, paragraph 3; pages 112-113, where it demonstrate that an 
authenticated user has the same rights and permissions of the groups that the user has 
membership which corresponds to the recited user... allowed to access a plurality of 
groups). 
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Allowable Subject Matter 

Claims 4, 5, 7, 8 and 16-18 are objected to as being dependent upon a rejected 
base claim, but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims. 

Conclusion 

THIS ACTION IS MADE FINAL Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Abdulhakim Nobahar whose telephone number is 571- 
272-3808. The examiner can normally be reached on M-T 8-6. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-2 1 7-9 1 97 (toll-free). 
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Examiner p\ , 
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